Linux packages: add grafana-agent user to adm and systemd-journal gro…

…ups (#771) * deb package: add grafana-agent user to adm and systemd-journal groups Closes #737 * changelog * fix comment * mirror change to rpm * update changelog * lint packaging scripts * fix lint errors * invert condition for group check
grafana · Jul 22, 2021 · ab99327 · ab99327
1 parent e80299b
commit ab99327
Show file tree

Hide file tree

Showing 6 changed files with 42 additions and 13 deletions.
diff --git a/.github/workflows/scripts.yml b/.github/workflows/scripts.yml
@@ -8,4 +8,4 @@ jobs:
     - uses: actions/checkout@v2
     - uses: azohra/shell-linter@latest
       with:
-        path: "production"
+        path: "packaging,production"
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -22,6 +22,10 @@
 - [BUGFIX] The directory of the logs positions file will now properly be created
   on startup for all instances.
 
+- [BUGFIX] The Liunx system packages will now configure the grafana-agent user
+  to be a member of the adm and systemd-journal groups. This will allow logs to
+  read from journald and /var/log by default. (@rfratto)
+
 - [CHANGE] Breaking change: reduced verbosity of tracing autologging
   by not logging `STATUS_CODE_UNSET` status codes. (@mapno)
 
@@ -35,7 +39,7 @@
 
 - [FEATURE] Added [Kafka Lag exporter](https://github.com/davidmparrott/kafka_exporter)
   integration. (@gaantunes)
-  
+
 - [BUGFIX] Fix race condition that may occur and result in a panic when
   initializing scraping service cluster. (@rfratto)
 
@@ -50,7 +54,7 @@
 
 - [ENHANCEMENT] Error messages when installing the Grafana Agent for Grafana
   Cloud will now be shown. (@rfratto)
-  
+
 - [BUGFIX]  Enabled flag is not being honored. (@mattdurham)
 
 - [BUGFIX] Fix a leak in the shared string interner introduced in v0.14.0.

diff --git a/packaging/deb/control/postinst b/packaging/deb/control/postinst
@@ -2,10 +2,11 @@
 
 set -e
 
+# shellcheck disable=SC1091
 [ -f /etc/default/grafana-agent ] && . /etc/default/grafana-agent
 
 # Initial installation: $1 == configure
-# Upgrade: $1 == 2, and configured to restart on upgrade
+# Upgrade: $1 == configure, $2 == old version
 case "$1" in
     configure)
         [ -z "$GRAFANA_AGENT_USER" ] && GRAFANA_AGENT_USER="grafana-agent"
@@ -14,13 +15,21 @@ case "$1" in
             groupadd -r "$GRAFANA_AGENT_GROUP"
         fi
         if ! getent passwd "$GRAFANA_AGENT_USER" > /dev/null 2>&1 ; then
-            useradd -m -r -g grafana-agent -d /var/lib/grafana-agent -s /sbin/nologin -c "grafana-agent user" grafana-agent
+            useradd -m -r -g "$GRAFANA_AGENT_GROUP" -d /var/lib/grafana-agent -s /sbin/nologin -c "grafana-agent user" "$GRAFANA_AGENT_USER"
+        fi
+
+        # Add grafana agent user to groups used for reading logs.
+        if getent group adm > /dev/null 2>&1 ; then
+            usermod -a -G adm "$GRAFANA_AGENT_USER"
+        fi
+        if getent group systemd-journal > /dev/null 2>&1 ; then
+            usermod -a -G systemd-journal "$GRAFANA_AGENT_USER"
         fi
 
         chmod 640 /etc/grafana-agent.yaml
         chown root:$GRAFANA_AGENT_GROUP /etc/grafana-agent.yaml
 
-        if [ -z ${2+x} ] &&  [ "$RESTART_ON_UPGRADE" == "true" ]; then
+        if [ -z ${2+x} ] && [ "$RESTART_ON_UPGRADE" = "true" ]; then
             if command -v systemctl 2>/dev/null; then
                 systemctl daemon-reload
                 systemctl restart grafana-agent

diff --git a/packaging/deb/control/prerm b/packaging/deb/control/prerm
@@ -2,6 +2,7 @@
 
 set -e
 
+# shellcheck disable=SC1091
 [ -f /etc/default/grafana-agent ] && . /etc/default/grafana-agent
 
 if [ "$1" = "remove" ]; then

diff --git a/packaging/rpm/control/postinst b/packaging/rpm/control/postinst
@@ -2,27 +2,41 @@
 
 set -e
 
+# shellcheck disable=SC1091
 [ -f /etc/sysconfig/grafana-agent ] && . /etc/sysconfig/grafana-agent
+[ -z "$AGENT_USER" ] && AGENT_USER="grafana-agent"
+[ -z "$AGENT_GROUP" ] && AGENT_GROUP="grafana-agent"
+
+add_to_logging_groups() {
+  # Add grafana agent user to groups used for reading logs.
+  if getent group adm > /dev/null 2>&1 ; then
+      usermod -a -G adm "$GRAFANA_AGENT_USER"
+  fi
+  if getent group systemd-journal > /dev/null 2>&1 ; then
+      usermod -a -G systemd-journal "$GRAFANA_AGENT_USER"
+  fi
+}
 
 # Initial installation: $1 == 1
 # Upgrade: $1 == 2, and configured to restart on upgrade
-if [ $1 -eq 1 ] ; then
-    [ -z "$AGENT_USER" ] && AGENT_USER="grafana-agent"
-    [ -z "$AGENT_GROUP" ] && AGENT_GROUP="grafana-agent"
+if [ "$1" -eq 1 ] ; then
     if ! getent group "$AGENT_GROUP" > /dev/null 2>&1 ; then
         groupadd -r "$AGENT_GROUP"
     fi
     if ! getent passwd "$AGENT_USER" > /dev/null 2>&1 ; then
-        useradd -r -m -g grafana-agent -d /var/lib/grafana-agent  -s /sbin/nologin -c "grafana-agent user" grafana-agent
+        useradd -r -m -g "$AGENT_GROUP" -d /var/lib/grafana-agent -s /sbin/nologin -c "grafana-agent user" "$AGENT_USER"
     fi
 
+    add_to_logging_groups
+
     chown $AGENT_USER:$AGENT_GROUP /var/lib/grafana-agent
     chmod 640 /etc/grafana-agent.yaml
     chown root:$AGENT_GROUP /etc/grafana-agent.yaml
 
+elif [ "$1" -ge 2 ] ; then
+    add_to_logging_groups
 
-elif [ $1 -ge 2 ] ; then
-    if [ "$RESTART_ON_UPGRADE" == "true" ]; then
+    if [ "$RESTART_ON_UPGRADE" = "true" ]; then
         systemctl daemon-reload
         systemctl restart grafana-agent
     fi

diff --git a/packaging/rpm/control/prerm b/packaging/rpm/control/prerm
@@ -2,12 +2,13 @@
 
 set -e
 
+# shellcheck disable=SC1091
 [ -f /etc/sysconfig/grafana-agent ] && . /etc/sysconfig/grafana-agent
 
 # final uninstallation $1=0
 # If other copies of this RPM are installed, then $1>0
 
-if [ $1 -eq 0 ] ; then
+if [ "$1" -eq 0 ] ; then
     if [ -x /bin/systemctl ] ; then
         /bin/systemctl stop grafana-agent.service > /dev/null 2>&1 || :
     elif [ -x /etc/init.d/grafana-agent ] ; then